As a security professional today, is it better to see the world in black and white and hold a firm view on what is needed to be secure, or is it better to take a risk-based approach: explain the trade-offs and let someone else, say the business, make the decision?

PCI-DSS compliance for SMEs does not have to be prohibitively expensive and difficult. Like many tasks, achieving compliance can seem daunting until you break it down into smaller tasks and just make a start. I run a niche security consulting firm and have a bit of experience in this area, having worked for major financials and founders of PCI; this is some practical advice which will hopefully assist SMEs with the difficulty and cost of compliance.

In the UK, consumers are predicted to spend £8.1 billion online this Christmas, a growth of £1.2 billion on last year, and online now accounts for nearly 10% of all Christmas spending. Despite this growth, online payments have lacked real disruption and innovation. Most of the time consumers still enter their credit or debit card details on each and every merchant site; Nielsen says that 60% of online shoppers still use a credit card. The alternatives are still in the minority: PayPal has about 14% of the global e-commerce market according to BusinessWeek, while Nielsen puts it closer to 25%. Google Checkout, Amazon Checkout and similar schemes are a lot smaller than that. There is still a massive market opportunity for a disruptive technology, and plenty of room for online commerce to grow by converting offline consumers with a more secure and convenient proposition.